#DFIR

Some thoughts on something else I love about our #DFIR community - a thread 1/x Had an amazing conversation with @hexplates today both on and off of #CacheUp - and

Craig H. Rowland

The best detection method for finding Linux intruders is hunting for tactics they use, not binary signatures of their tools. #DFIR When new exploit tools drop, I recommend you basically

So, I've now seen this in two different places. Count me very skeptical, based on a look at the data that is circulating on pastebin. Thread time. 1/? It's

Christopher Glyer

We've all received emails with no attachment and assume it's "safe" to open in a mail client (as long as we don't explicitly click on any URLs). Right?Not so much...

Just a reminder, if you are dealing with a security incident you really can't rush it. IR can take time. If you rush, you'll get it wrong. Everyone gets stressed

I said a few weeks ago that it's going to be a struggle to keep up with everything going on in #DFIR. Haven't been wrong yet. Lots of people starting

Next time you try to hack me and break into devices and accounts of mine, learn to cover your tracks.You messed with the wrong fox, dude.. Or should I say

Yesterday @UK_Daniel_Card started a good thread about the role of the CISO in organisations.It got me thinking about a few things. First, is "security" a respected profession in a meaningful

Fuck it, security engineering teams as D&D classes: First, and most importantly because it's what *I* do, SecOps are your paladin tanks. They have to be burly enough to do

https://twitter.com/briankrebs/status/1321550140474331136 Listen to me - this is CRITICALRyuk Ransomware“..deployed as a payload from banking Trojans such as Trickbot. Ryuk first appeared in Aug 2018 as a derivative of Hermes 2.1